authorLinus Torvalds <torvalds@linux-foundation.org>2013-11-22 12:57:35 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2013-11-22 12:57:35 -0500
commitd2c2ad54c485e7ebca5c0b7e4a7b2c56103fda38 (patch)
tree4918ea1f5c640fd4f1a5134cc50a6cb8bd0c700e /net
parent7fa850ab4fc992717b3cc6284d3445c88978ca7e (diff)
parent9d8506cc2d7ea1f911c72c100193a3677f6668c3 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Fix memory leaks and other issues in mwifiex driver, from Amitkumar Karwar. 2) skb_segment() can choke on packets using frag lists, fix from Herbert Xu with help from Eric Dumazet and others. 3) IPv4 output cached route instantiation properly handles races involving two threads trying to install the same route, but we forgot to propagate this logic to input routes as well. Fix from Alexei Starovoitov. 4) Put protections in place to make sure that recvmsg() paths never accidentally copy uninitialized memory back into userspace and also make sure that we never try to use more than sockaddr_storage for building the on-kernel-stack copy of a sockaddr. Fixes from Hannes Frederic Sowa. 5) R8152 driver transmit flow bug fixes from Hayes Wang. 6) Fix some minor fallouts from genetlink changes, from Johannes Berg and Michael Opdenacker. 7) AF_PACKET sendmsg path can race with netdevice unregister notifier, fix by using RCU to make sure the network device doesn't go away from under us. Fix from Daniel Borkmann.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits) gso: handle new frag_list of frags GRO packets genetlink: fix genl_set_err() group ID genetlink: fix genlmsg_multicast() bug packet: fix use after free race in send path when dev is released xen-netback: stop the VIF thread before unbinding IRQs wimax: remove dead code net/phy: Add the autocross feature for forced links on VSC82x4 net/phy: Add VSC8662 support net/phy: Add VSC8574 support net/phy: Add VSC8234 support net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage) net: rework recvmsg handler msg_name and msg_namelen logic bridge: flush br's address entry in fdb when remove the net: core: Always propagate flag changes to interfaces ipv4: fix race in concurrent ip_route_input_slow() r8152: fix incorrect type in assignment r8152: support stopping/waking tx queue r8152: modify the tx flow r8152: fix tx/rx memory overflow netfilter: ebt_ip6: fix source and destination matching ...
Diffstat (limited to 'net')
-rw-r--r--net/appletalk/ddp.c16
-rw-r--r--net/atm/common.c2
-rw-r--r--net/ax25/af_ax25.c4
-rw-r--r--net/bluetooth/af_bluetooth.c9
-rw-r--r--net/bluetooth/hci_sock.c2
-rw-r--r--net/bluetooth/l2cap_core.c3
-rw-r--r--net/bluetooth/rfcomm/core.c3
-rw-r--r--net/bluetooth/rfcomm/sock.c7
-rw-r--r--net/bluetooth/sco.c1
-rw-r--r--net/bluetooth/smp.c3
-rw-r--r--net/bridge/br_if.c2
-rw-r--r--net/bridge/netfilter/ebt_ip6.c8
-rw-r--r--net/caif/caif_socket.c4
-rw-r--r--net/compat.c3
-rw-r--r--net/core/dev.c2
-rw-r--r--net/core/iovec.c3
-rw-r--r--net/core/skbuff.c75
-rw-r--r--net/ipv4/netfilter/ipt_SYNPROXY.c1
-rw-r--r--net/ipv4/route.c8
-rw-r--r--net/ipv6/netfilter/ip6t_SYNPROXY.c1
-rw-r--r--net/ipx/af_ipx.c3
-rw-r--r--net/irda/af_irda.c4
-rw-r--r--net/iucv/af_iucv.c2
-rw-r--r--net/key/af_key.c1
-rw-r--r--net/l2tp/l2tp_ppp.c2
-rw-r--r--net/llc/af_llc.c2
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/nf_conntrack_core.c3
-rw-r--r--net/netfilter/nf_conntrack_seqadj.c4
-rw-r--r--net/netfilter/nf_synproxy_core.c7
-rw-r--r--net/netfilter/nft_compat.c19
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/netlink/genetlink.c4
-rw-r--r--net/netrom/af_netrom.c3
-rw-r--r--net/nfc/llcp_sock.c2
-rw-r--r--net/nfc/rawsock.c2
-rw-r--r--net/packet/af_packet.c91
-rw-r--r--net/packet/internal.h1
-rw-r--r--net/rds/recv.c2
-rw-r--r--net/rose/af_rose.c8
-rw-r--r--net/rxrpc/ar-recvmsg.c9
-rw-r--r--net/socket.c22
-rw-r--r--net/tipc/socket.c6
-rw-r--r--net/unix/af_unix.c5
-rw-r--r--net/vmw_vsock/af_vsock.c2
-rw-r--r--net/vmw_vsock/vmci_transport.c2
-rw-r--r--net/wimax/stack.c1
-rw-r--r--net/x25/af_x25.c3
48 files changed, 198 insertions, 173 deletions
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 7fee50d637f9..7d424ac6e760 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1735,7 +1735,6 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1735 size_t size, int flags) 1735 size_t size, int flags)
1736{ 1736{
1737 struct sock *sk = sock->sk; 1737 struct sock *sk = sock->sk;
1738 struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name;
1739 struct ddpehdr *ddp; 1738 struct ddpehdr *ddp;
1740 int copied = 0; 1739 int copied = 0;
1741 int offset = 0; 1740 int offset = 0;
@@ -1764,14 +1763,13 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1764 } 1763 }
1765 err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); 1764 err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied);
1766 1765
1767 if (!err) { 1766 if (!err && msg->msg_name) {
1768 if (sat) { 1767 struct sockaddr_at *sat = msg->msg_name;
1769 sat->sat_family = AF_APPLETALK; 1768 sat->sat_family = AF_APPLETALK;
1770 sat->sat_port = ddp->deh_sport; 1769 sat->sat_port = ddp->deh_sport;
1771 sat->sat_addr.s_node = ddp->deh_snode; 1770 sat->sat_addr.s_node = ddp->deh_snode;
1772 sat->sat_addr.s_net = ddp->deh_snet; 1771 sat->sat_addr.s_net = ddp->deh_snet;
1773 } 1772 msg->msg_namelen = sizeof(*sat);
1774 msg->msg_namelen = sizeof(*sat);
1775 } 1773 }
1776 1774
1777 skb_free_datagram(sk, skb); /* Free the datagram. */ 1775 skb_free_datagram(sk, skb); /* Free the datagram. */
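Review bot: The address block in atalk_recvmsg() reports `msg->msg_namelen = sizeof(*sat)` after assigning only sat_family, sat_port and the two sat_addr members, so any other member or padding of struct sockaddr_at (its definition is not visible here) would be returned with whatever the buffer held before. Since this series aims to stop recvmsg() paths from copying uninitialised memory to userspace, I would clear the structure first with `memset(sat, 0, sizeof(*sat));` right after the `struct sockaddr_at *sat = msg->msg_name;` line. The ax25 handler in this diff already memsets its address struct and the ipx handler clears sipx_zero. The function body starts and ends outside the hunks.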
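diff --git a/net/atm/common.c b/net/atm/common.c
index 737bef59ce89..7b491006eaf4 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -531,8 +531,6 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
  struct sk_buff *skb;
  int copied, error = -EINVAL;
 
- msg->msg_namelen = 0;
-
  if (sock->state != SS_CONNECTED)
  return -ENOTCONN;
 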
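diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index a00123ebb0ae..7bb1605bdfd9 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1636,11 +1636,11 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 
- if (msg->msg_namelen != 0) {
- struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name;
+ if (msg->msg_name) {
  ax25_digi digi;
  ax25_address src;
  const unsigned char *mac = skb_mac_header(skb);
+ struct sockaddr_ax25 *sax = msg->msg_name;
 
  memset(sax, 0, sizeof(struct full_sockaddr_ax25));
  ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,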
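Review bot: With the branch now keyed on `msg->msg_name` instead of `msg->msg_namelen`, the `memset(sax, 0, sizeof(struct full_sockaddr_ax25))` below it writes a full_sockaddr_ax25 through a pointer whose backing size is decided by the caller, not by anything in this function. The commit message says the on-stack copy is never larger than sockaddr_storage, so a compile-time guard next to the memset would pin that assumption: `BUILD_BUG_ON(sizeof(struct full_sockaddr_ax25) > sizeof(struct sockaddr_storage));`. Separately, the context line above still discards the return value of skb_copy_datagram_iovec(); this commit does not touch it, but it is worth a follow-up. The body of ax25_recvmsg() continues outside the hunk.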
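diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index f6a1671ea2ff..56ca494621c6 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -224,10 +224,9 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  skb = skb_recv_datagram(sk, flags, noblock, &err);
  if (!skb) {
- if (sk->sk_shutdown & RCV_SHUTDOWN) {
- msg->msg_namelen = 0;
+ if (sk->sk_shutdown & RCV_SHUTDOWN)
  return 0;
- }
+
  return err;
  }
 
@@ -245,8 +244,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (bt_sk(sk)->skb_msg_name)
  bt_sk(sk)->skb_msg_name(skb, msg->msg_name,
  &msg->msg_namelen);
- else
- msg->msg_namelen = 0;
  }
 
  skb_free_datagram(sk, skb);
@@ -295,8 +292,6 @@ int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (flags & MSG_OOB)
  return -EOPNOTSUPP;
 
- msg->msg_namelen = 0;
-
  BT_DBG("sk %p size %zu", sk, size);
 
  lock_sock(sk);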
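diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 71f0be173080..6a6c8bb4fd72 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -856,8 +856,6 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (!skb)
  return err;
 
- msg->msg_namelen = 0;
-
  copied = skb->len;
  if (len < copied) {
  msg->msg_flags |= MSG_TRUNC;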
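diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 0cef67707838..4af3821df880 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -2439,6 +2439,9 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
  int err;
  struct sk_buff_head seg_queue;
 
+ if (!chan->conn)
+ return -ENOTCONN;
+
  /* Connectionless channel */
  if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
  skb = l2cap_create_connless_pdu(chan, msg, len, priority);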
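diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 94d06cbfbc18..facd8a79c038 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -694,6 +694,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
  addr.l2_family = AF_BLUETOOTH;
  addr.l2_psm = 0;
  addr.l2_cid = 0;
+ addr.l2_bdaddr_type = BDADDR_BREDR;
  *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
  if (*err < 0)
  goto failed;
@@ -719,6 +720,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
  addr.l2_family = AF_BLUETOOTH;
  addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
  addr.l2_cid = 0;
+ addr.l2_bdaddr_type = BDADDR_BREDR;
  *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
  if (*err == 0 || *err == -EINPROGRESS)
  return s;
@@ -1983,6 +1985,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
  addr.l2_family = AF_BLUETOOTH;
  addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
  addr.l2_cid = 0;
+ addr.l2_bdaddr_type = BDADDR_BREDR;
  err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
  if (err < 0) {
  BT_ERR("Bind failed %d", err);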
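diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c4d3d423f89b..3c2d3e4aa2f5 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -615,7 +615,6 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
  rfcomm_dlc_accept(d);
- msg->msg_namelen = 0;
  return 0;
  }
 
@@ -739,8 +738,9 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
 {
  struct sock *sk = sock->sk;
+ struct sock *l2cap_sk;
+ struct l2cap_conn *conn;
  struct rfcomm_conninfo cinfo;
- struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
  int len, err = 0;
  u32 opt;
 
@@ -783,6 +783,9 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
  break;
  }
 
+ l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
+ conn = l2cap_pi(l2cap_sk)->chan->conn;
+
  memset(&cinfo, 0, sizeof(cinfo));
  cinfo.hci_handle = conn->hcon->handle;
  memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);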
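Review bot: In the last hunk of rfcomm_sock_getsockopt_old(), `conn = l2cap_pi(l2cap_sk)->chan->conn;` is dereferenced two lines later as `conn->hcon->handle` with no NULL check, and the chain `rfcomm_pi(sk)->dlc->session->sock->sk` is walked unchecked as well. The l2cap_core.c change in this same commit adds `if (!chan->conn) return -ENOTCONN;`, which suggests chan->conn can be NULL. The state check that ends in the `break;` above is only partly visible, so it may or may not already exclude that case. If it does not, add `if (!conn) { err = -ENOTCONN; break; }` before the memset, or a comment naming the lock or socket state that keeps these pointers valid.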
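diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 12a0e51e21e1..24fa3964b3c8 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -711,7 +711,6 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
  sco_conn_defer_accept(pi->conn->hcon, pi->setting);
  sk->sk_state = BT_CONFIG;
- msg->msg_namelen = 0;
 
  release_sock(sk);
  return 0;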
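diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 85a2796cac61..4b07acb8293c 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -742,6 +742,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 
  BT_DBG("conn %p", conn);
 
+ if (!(conn->hcon->link_mode & HCI_LM_MASTER))
+ return SMP_CMD_NOTSUPP;
+
  hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
 
  if (smp_ltk_encrypt(conn, hcon->pending_sec_level))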
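Review bot: The new role check in smp_cmd_security_req() reads `conn->hcon->link_mode` while the very next statement uses the local `hcon`; assuming `hcon` is initialised from `conn->hcon` above the hunk, write the test as `if (!(hcon->link_mode & HCI_LM_MASTER))` for consistency. A one-line comment such as `/* only act on a Security Request when we are master of the link */` would also record why the command is answered with SMP_CMD_NOTSUPP otherwise. The function starts and ends outside the hunk.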
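diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 6e6194fcd88e..4bf02adb5dc2 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -172,6 +172,8 @@ void br_dev_delete(struct net_device *dev, struct list_head *head)
  del_nbp(p);
  }
 
+ br_fdb_delete_by_port(br, NULL, 1);
+
  br_vlan_flush(br);
  del_timer_sync(&br->gc_timer);
 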
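diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 99c85668f551..17fd5f2cb4b8 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -48,10 +48,12 @@ ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par)
  if (info->bitmask & EBT_IP6_TCLASS &&
  FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))
  return false;
- if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
- &info->saddr), EBT_IP6_SOURCE) ||
+ if ((info->bitmask & EBT_IP6_SOURCE &&
+ FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
+ &info->saddr), EBT_IP6_SOURCE)) ||
+ (info->bitmask & EBT_IP6_DEST &&
  FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,
- &info->daddr), EBT_IP6_DEST))
+ &info->daddr), EBT_IP6_DEST)))
  return false;
  if (info->bitmask & EBT_IP6_PROTO) {
  uint8_t nexthdr = ih6->nexthdr;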
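diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 05a41c7ec304..d6be3edb7a43 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -286,8 +286,6 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (m->msg_flags&MSG_OOB)
  goto read_error;
 
- m->msg_namelen = 0;
-
  skb = skb_recv_datagram(sk, flags, 0 , &ret);
  if (!skb)
  goto read_error;
@@ -361,8 +359,6 @@ static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (flags&MSG_OOB)
  goto out;
 
- msg->msg_namelen = 0;
-
  /*
  * Lock the socket to prevent queue disordering
  * while sleeps in memcpy_tomsg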
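diff --git a/net/compat.c b/net/compat.c
index 89032580bd1d..618c6a8a911b 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -93,7 +93,8 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
  if (err < 0)
  return err;
  }
- kern_msg->msg_name = kern_address;
+ if (kern_msg->msg_name)
+ kern_msg->msg_name = kern_address;
  } else
  kern_msg->msg_name = NULL;
 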
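Review bot: The guard `if (kern_msg->msg_name)` in verify_compat_iovec() has no comment, and its purpose is not obvious from the code. The pointer is redirected to the kernel buffer only when the caller supplied one, so a NULL msg_name stays NULL for the recvmsg handlers, which in this series test `msg->msg_name` before writing an address. I would add `/* keep NULL so protocol handlers skip filling in the source address */` above the test. The same applies to the identical change in verify_iovec() in net/core/iovec.c. Both functions start and end outside their hunks.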
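diff --git a/net/core/dev.c b/net/core/dev.c
index 7e00a7342ee6..ba3b7ea5ebb3 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4996,7 +4996,7 @@ static void dev_change_rx_flags(struct net_device *dev, int flags)
 {
  const struct net_device_ops *ops = dev->netdev_ops;
 
- if ((dev->flags & IFF_UP) && ops->ndo_change_rx_flags)
+ if (ops->ndo_change_rx_flags)
  ops->ndo_change_rx_flags(dev, flags);
 }
 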
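diff --git a/net/core/iovec.c b/net/core/iovec.c
index 4cdb7c48dad6..b61869429f4c 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -48,7 +48,8 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a
  if (err < 0)
  return err;
  }
- m->msg_name = address;
+ if (m->msg_name)
+ m->msg_name = address;
  } else {
  m->msg_name = NULL;
  }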
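diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 8cec1e6b844d..2718fed53d8c 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2796,6 +2796,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  struct sk_buff *segs = NULL;
  struct sk_buff *tail = NULL;
  struct sk_buff *fskb = skb_shinfo(skb)->frag_list;
+ skb_frag_t *skb_frag = skb_shinfo(skb)->frags;
  unsigned int mss = skb_shinfo(skb)->gso_size;
  unsigned int doffset = skb->data - skb_mac_header(skb);
  unsigned int offset = doffset;
@@ -2835,16 +2836,38 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  if (hsize > len || !sg)
  hsize = len;
 
- if (!hsize && i >= nfrags) {
- BUG_ON(fskb->len != len);
+ if (!hsize && i >= nfrags && skb_headlen(fskb) &&
+ (skb_headlen(fskb) == len || sg)) {
+ BUG_ON(skb_headlen(fskb) > len);
+
+ i = 0;
+ nfrags = skb_shinfo(fskb)->nr_frags;
+ skb_frag = skb_shinfo(fskb)->frags;
+ pos += skb_headlen(fskb);
+
+ while (pos < offset + len) {
+ BUG_ON(i >= nfrags);
+
+ size = skb_frag_size(skb_frag);
+ if (pos + size > offset + len)
+ break;
+
+ i++;
+ pos += size;
+ skb_frag++;
+ }
 
- pos += len;
  nskb = skb_clone(fskb, GFP_ATOMIC);
  fskb = fskb->next;
 
  if (unlikely(!nskb))
  goto err;
 
+ if (unlikely(pskb_trim(nskb, len))) {
+ kfree_skb(nskb);
+ goto err;
+ }
+
  hsize = skb_end_offset(nskb);
  if (skb_cow_head(nskb, doffset + headroom)) {
  kfree_skb(nskb);
@@ -2881,7 +2904,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  nskb->data - tnl_hlen,
  doffset + tnl_hlen);
 
- if (fskb != skb_shinfo(skb)->frag_list)
+ if (nskb->len == len + doffset)
  goto perform_csum_check;
 
  if (!sg) {
@@ -2899,8 +2922,28 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
 
  skb_shinfo(nskb)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG;
 
- while (pos < offset + len && i < nfrags) {
- *frag = skb_shinfo(skb)->frags[i];
+ while (pos < offset + len) {
+ if (i >= nfrags) {
+ BUG_ON(skb_headlen(fskb));
+
+ i = 0;
+ nfrags = skb_shinfo(fskb)->nr_frags;
+ skb_frag = skb_shinfo(fskb)->frags;
+
+ BUG_ON(!nfrags);
+
+ fskb = fskb->next;
+ }
+
+ if (unlikely(skb_shinfo(nskb)->nr_frags >=
+ MAX_SKB_FRAGS)) {
+ net_warn_ratelimited(
+ "skb_segment: too many frags: %u %u\n",
+ pos, mss);
+ goto err;
+ }
+
+ *frag = *skb_frag;
  __skb_frag_ref(frag);
  size = skb_frag_size(frag);
 
@@ -2913,6 +2956,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
 
  if (pos + size <= offset + len) {
  i++;
+ skb_frag++;
  pos += size;
  } else {
  skb_frag_size_sub(frag, pos + size - (offset + len));
@@ -2922,25 +2966,6 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  frag++;
  }
 
- if (pos < offset + len) {
- struct sk_buff *fskb2 = fskb;
-
- BUG_ON(pos + fskb->len != offset + len);
-
- pos += fskb->len;
- fskb = fskb->next;
-
- if (fskb2->next) {
- fskb2 = skb_clone(fskb2, GFP_ATOMIC);
- if (!fskb2)
- goto err;
- } else
- skb_get(fskb2);
-
- SKB_FRAG_ASSERT(nskb);
- skb_shinfo(nskb)->frag_list = fskb2;
- }
-
 skip_fraglist:
  nskb->data_len = len - hsize;
  nskb->len += nskb->data_len;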
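Review bot: The new frag-walking code in skb_segment() enforces its layout assumptions with `BUG_ON(skb_headlen(fskb) > len)`, `BUG_ON(i >= nfrags)`, `BUG_ON(skb_headlen(fskb))` and `BUG_ON(!nfrags)`, so a frag_list skb that does not match them stops the kernel, whereas the too-many-frags case a few lines later already fails softly with `net_warn_ratelimited()` and `goto err`. In the second loop `fskb` is also dereferenced when `i >= nfrags` without checking that another list entry exists, which looks like a NULL dereference if the list runs out before `pos` reaches `offset + len`. Unless every producer of such skbs guarantees these shapes, I would route the checks through the same error path, e.g. `if (WARN_ON_ONCE(!fskb || skb_headlen(fskb))) goto err;`. Whether `goto err` releases the current nskb depends on code outside the hunks, so that needs checking against the full function.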
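diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 01cffeaa0085..f13bd91d9a56 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
  this_cpu_inc(snet->stats->cookie_valid);
  opts->mss = mss;
+ opts->options |= XT_SYNPROXY_OPT_MSS;
 
  if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
  synproxy_check_timestamp_cookie(opts);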
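diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index f428935c50db..f8da28278014 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1776,8 +1776,12 @@ local_input:
  rth->dst.error= -err;
  rth->rt_flags &= ~RTCF_LOCAL;
  }
- if (do_cache)
- rt_cache_route(&FIB_RES_NH(res), rth);
+ if (do_cache) {
+ if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
+ rth->dst.flags |= DST_NOCACHE;
+ rt_add_uncached_list(rth);
+ }
+ }
  skb_dst_set(skb, &rth->dst);
  err = 0;
  goto out;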
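diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index bf9f612c1bc2..f78f41aca8e9 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
  this_cpu_inc(snet->stats->cookie_valid);
  opts->mss = mss;
+ opts->options |= XT_SYNPROXY_OPT_MSS;
 
  if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
  synproxy_check_timestamp_cookie(opts);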
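diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 7a1e0fc1bd4d..e096025b477f 100644
--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -1823,8 +1823,6 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (skb->tstamp.tv64)
  sk->sk_stamp = skb->tstamp;
 
- msg->msg_namelen = sizeof(*sipx);
-
  if (sipx) {
  sipx->sipx_family = AF_IPX;
  sipx->sipx_port = ipx->ipx_source.sock;
@@ -1832,6 +1830,7 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
  sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net;
  sipx->sipx_type = ipx->ipx_type;
  sipx->sipx_zero = 0;
+ msg->msg_namelen = sizeof(*sipx);
  }
  rc = copied;
 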
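diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 0f676908d15b..de7db23049f1 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1385,8 +1385,6 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
 
  IRDA_DEBUG(4, "%s()\n", __func__);
 
- msg->msg_namelen = 0;
-
  skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
  flags & MSG_DONTWAIT, &err);
  if (!skb)
@@ -1451,8 +1449,6 @@ static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
  target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
  timeo = sock_rcvtimeo(sk, noblock);
 
- msg->msg_namelen = 0;
-
  do {
  int chunk;
  struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);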
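diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 168aff5e60de..c4b7218058b6 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -1324,8 +1324,6 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  int err = 0;
  u32 offset;
 
- msg->msg_namelen = 0;
-
  if ((sk->sk_state == IUCV_DISCONN) &&
  skb_queue_empty(&iucv->backlog_skb_q) &&
  skb_queue_empty(&sk->sk_receive_queue) &&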
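diff --git a/net/key/af_key.c b/net/key/af_key.c
index 911ef03bf8fb..545f047868ad 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3616,7 +3616,6 @@ static int pfkey_recvmsg(struct kiocb *kiocb,
  if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
  goto out;
 
- msg->msg_namelen = 0;
  skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
  if (skb == NULL)
  goto out;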
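diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index ffda81ef1a70..be5fadf34739 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -197,8 +197,6 @@ static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (sk->sk_state & PPPOX_BOUND)
  goto end;
 
- msg->msg_namelen = 0;
-
  err = 0;
  skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
  flags & MSG_DONTWAIT, &err);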
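diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 6cba486353e8..7b01b9f5846c 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -720,8 +720,6 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
  int target; /* Read at least this many bytes */
  long timeo;
 
- msg->msg_namelen = 0;
-
  lock_sock(sk);
  copied = -ENOTCONN;
  if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))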
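diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 48acec17e27a..c3398cd99b94 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -909,7 +909,7 @@ config NETFILTER_XT_MATCH_CONNLABEL
  connection simultaneously.
 
 config NETFILTER_XT_MATCH_CONNLIMIT
- tristate '"connlimit" match support"'
+ tristate '"connlimit" match support'
  depends on NF_CONNTRACK
  depends on NETFILTER_ADVANCED
  ---help---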
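diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index e22d950c60b3..43549eb7a7be 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -764,9 +764,10 @@ void nf_conntrack_free(struct nf_conn *ct)
  struct net *net = nf_ct_net(ct);
 
  nf_ct_ext_destroy(ct);
- atomic_dec(&net->ct.count);
  nf_ct_ext_free(ct);
  kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
+ smp_mb__before_atomic_dec();
+ atomic_dec(&net->ct.count);
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_free);
 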
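Review bot: The added `smp_mb__before_atomic_dec();` in nf_conntrack_free() carries no comment, and kernel style expects every memory barrier to say what it orders and against what. From the hunk the intent appears to be that the `kmem_cache_free()` completes before `net->ct.count` drops, presumably so that code waiting for the count to reach zero cannot tear down the cache while an object is still being returned to it; that reader is not visible here. I would put that above the barrier, e.g. `/* finish the cache free before the count can reach zero and let teardown proceed */`, and name the function it pairs with.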
diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
index 5f9bfd060dea..17c1bcb182c6 100644
--- a/net/netfilter/nf_conntrack_seqadj.c
+++ b/net/netfilter/nf_conntrack_seqadj.c
@@ -41,8 +41,8 @@ int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
41 spin_lock_bh(&ct->lock); 41 spin_lock_bh(&ct->lock);
42 this_way = &seqadj->seq[dir]; 42 this_way = &seqadj->seq[dir];
43 if (this_way->offset_before == this_way->offset_after || 43 if (this_way->offset_before == this_way->offset_after ||
44 before(this_way->correction_pos, seq)) { 44 before(this_way->correction_pos, ntohl(seq))) {
45 this_way->correction_pos = seq; 45 this_way->correction_pos = ntohl(seq);
46 this_way->offset_before = this_way->offset_after; 46 this_way->offset_before = this_way->offset_after;
47 this_way->offset_after += off; 47 this_way->offset_after += off;
48 } 48 }
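Review bot: `ntohl(seq)` is now written out twice inside the locked region of nf_ct_seqadj_set(), which makes it easy for a later edit to reintroduce the mixed byte order this change removes. Converting once into a local, `u32 pos = ntohl(seq);`, and using `pos` in both `before(this_way->correction_pos, pos)` and the assignment keeps `correction_pos` in host order in one place. The parameter list and the start of the body lie outside the hunk, so whether `seq` is declared `__be32` cannot be seen here; if it is not, annotating it would let sparse catch this class of mistake.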
diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index cdf4567ba9b3..9858e3e51a3a 100644
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -151,9 +151,10 @@ void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
151 opts->tsecr = opts->tsval; 151 opts->tsecr = opts->tsval;
152 opts->tsval = tcp_time_stamp & ~0x3f; 152 opts->tsval = tcp_time_stamp & ~0x3f;
153 153
154 if (opts->options & XT_SYNPROXY_OPT_WSCALE) 154 if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
155 opts->tsval |= info->wscale; 155 opts->tsval |= opts->wscale;
156 else 156 opts->wscale = info->wscale;
157 } else
157 opts->tsval |= 0xf; 158 opts->tsval |= 0xf;
158 159
159 if (opts->options & XT_SYNPROXY_OPT_SACK_PERM) 160 if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)
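Review bot: In the WSCALE branch of synproxy_init_timestamp_cookie(), `opts->tsval |= opts->wscale;` ORs the value into a timestamp whose low six bits were just cleared with `& ~0x3f`, and nothing in the hunk limits `opts->wscale` to the four bits that the `0xf` in the else branch suggests are reserved for it. If the value is not already clamped where the option is parsed (not visible here), a larger value would spill into the adjacent cookie bits that the following option checks appear to use; `opts->tsval |= opts->wscale & 0xf;` keeps the field self-contained. The order of the two new statements also matters, since `opts->wscale` is read before it is replaced by `info->wscale`, and a one-line comment saying so would protect it from being reordered.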
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index a82667c64729..da0c1f4ada12 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -128,7 +128,7 @@ static const struct nla_policy nft_rule_compat_policy[NFTA_RULE_COMPAT_MAX + 1]
128 [NFTA_RULE_COMPAT_FLAGS] = { .type = NLA_U32 }, 128 [NFTA_RULE_COMPAT_FLAGS] = { .type = NLA_U32 },
129}; 129};
130 130
131static u8 nft_parse_compat(const struct nlattr *attr, bool *inv) 131static int nft_parse_compat(const struct nlattr *attr, u8 *proto, bool *inv)
132{ 132{
133 struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1]; 133 struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1];
134 u32 flags; 134 u32 flags;
@@ -148,7 +148,8 @@ static u8 nft_parse_compat(const struct nlattr *attr, bool *inv)
148 if (flags & NFT_RULE_COMPAT_F_INV) 148 if (flags & NFT_RULE_COMPAT_F_INV)
149 *inv = true; 149 *inv = true;
150 150
151 return ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO])); 151 *proto = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));
152 return 0;
152} 153}
153 154
154static int 155static int
@@ -166,8 +167,11 @@ nft_target_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
166 167
167 target_compat_from_user(target, nla_data(tb[NFTA_TARGET_INFO]), info); 168 target_compat_from_user(target, nla_data(tb[NFTA_TARGET_INFO]), info);
168 169
169 if (ctx->nla[NFTA_RULE_COMPAT]) 170 if (ctx->nla[NFTA_RULE_COMPAT]) {
170 proto = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &inv); 171 ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv);
172 if (ret < 0)
173 goto err;
174 }
171 175
172 nft_target_set_tgchk_param(&par, ctx, target, info, &e, proto, inv); 176 nft_target_set_tgchk_param(&par, ctx, target, info, &e, proto, inv);
173 177
@@ -356,8 +360,11 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
356 360
357 match_compat_from_user(match, nla_data(tb[NFTA_MATCH_INFO]), info); 361 match_compat_from_user(match, nla_data(tb[NFTA_MATCH_INFO]), info);
358 362
359 if (ctx->nla[NFTA_RULE_COMPAT]) 363 if (ctx->nla[NFTA_RULE_COMPAT]) {
360 proto = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &inv); 364 ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv);
365 if (ret < 0)
366 goto err;
367 }
361 368
362 nft_match_set_mtchk_param(&par, ctx, match, info, &e, proto, inv); 369 nft_match_set_mtchk_param(&par, ctx, match, info, &e, proto, inv);
363 370
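Review bot: In the second hunk, nft_parse_compat() stores `ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]))` through a `u8 *`, so a netlink attribute above 255 is silently truncated to a different protocol number instead of being rejected, even though the function can now return an error. A range check before the store would use the new return path: `u32 v = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));` then `if (v > 0xff) return -EINVAL;` and `*proto = v;`. The part of the function between the two hunks is not shown, so any earlier validation of the attribute cannot be confirmed from here. In nft_target_init() and nft_match_init() the `err` label lies outside the hunks; it is worth confirming that jumping there after `target_compat_from_user()` / `match_compat_from_user()` releases everything taken up to that point.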
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index f0176e1a5a81..bca50b95c182 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2335,8 +2335,6 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
2335 } 2335 }
2336#endif 2336#endif
2337 2337
2338 msg->msg_namelen = 0;
2339
2340 copied = data_skb->len; 2338 copied = data_skb->len;
2341 if (len < copied) { 2339 if (len < copied) {
2342 msg->msg_flags |= MSG_TRUNC; 2340 msg->msg_flags |= MSG_TRUNC;
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 7dbc4f732c75..4518a57aa5fe 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1045,7 +1045,7 @@ static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
1045int genlmsg_multicast_allns(struct genl_family *family, struct sk_buff *skb, 1045int genlmsg_multicast_allns(struct genl_family *family, struct sk_buff *skb,
1046 u32 portid, unsigned int group, gfp_t flags) 1046 u32 portid, unsigned int group, gfp_t flags)
1047{ 1047{
1048 if (group >= family->n_mcgrps) 1048 if (WARN_ON_ONCE(group >= family->n_mcgrps))
1049 return -EINVAL; 1049 return -EINVAL;
1050 group = family->mcgrp_offset + group; 1050 group = family->mcgrp_offset + group;
1051 return genlmsg_mcast(skb, portid, group, flags); 1051 return genlmsg_mcast(skb, portid, group, flags);
@@ -1062,7 +1062,7 @@ void genl_notify(struct genl_family *family,
1062 if (nlh) 1062 if (nlh)
1063 report = nlmsg_report(nlh); 1063 report = nlmsg_report(nlh);
1064 1064
1065 if (group >= family->n_mcgrps) 1065 if (WARN_ON_ONCE(group >= family->n_mcgrps))
1066 return; 1066 return;
1067 group = family->mcgrp_offset + group; 1067 group = family->mcgrp_offset + group;
1068 nlmsg_notify(sk, skb, portid, group, report, flags); 1068 nlmsg_notify(sk, skb, portid, group, report, flags);
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 698814bfa7ad..53c19a35fc6d 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1179,10 +1179,9 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
1179 sax->sax25_family = AF_NETROM; 1179 sax->sax25_family = AF_NETROM;
1180 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, 1180 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
1181 AX25_ADDR_LEN); 1181 AX25_ADDR_LEN);
1182 msg->msg_namelen = sizeof(*sax);
1182 } 1183 }
1183 1184
1184 msg->msg_namelen = sizeof(*sax);
1185
1186 skb_free_datagram(sk, skb); 1185 skb_free_datagram(sk, skb);
1187 1186
1188 release_sock(sk); 1187 release_sock(sk);
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index d308402b67d8..824c6056bf82 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -807,8 +807,6 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
807 807
808 pr_debug("%p %zu\n", sk, len); 808 pr_debug("%p %zu\n", sk, len);
809 809
810 msg->msg_namelen = 0;
811
812 lock_sock(sk); 810 lock_sock(sk);
813 811
814 if (sk->sk_state == LLCP_CLOSED && 812 if (sk->sk_state == LLCP_CLOSED &&
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index cd958b381f96..66bcd2eb5773 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -244,8 +244,6 @@ static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock,
244 if (!skb) 244 if (!skb)
245 return rc; 245 return rc;
246 246
247 msg->msg_namelen = 0;
248
249 copied = skb->len; 247 copied = skb->len;
250 if (len < copied) { 248 if (len < copied) {
251 msg->msg_flags |= MSG_TRUNC; 249 msg->msg_flags |= MSG_TRUNC;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 2e8286b47c28..ac27c86ef6d1 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -244,11 +244,15 @@ static void __fanout_link(struct sock *sk, struct packet_sock *po);
244static void register_prot_hook(struct sock *sk) 244static void register_prot_hook(struct sock *sk)
245{ 245{
246 struct packet_sock *po = pkt_sk(sk); 246 struct packet_sock *po = pkt_sk(sk);
247
247 if (!po->running) { 248 if (!po->running) {
248 if (po->fanout) 249 if (po->fanout) {
249 __fanout_link(sk, po); 250 __fanout_link(sk, po);
250 else 251 } else {
251 dev_add_pack(&po->prot_hook); 252 dev_add_pack(&po->prot_hook);
253 rcu_assign_pointer(po->cached_dev, po->prot_hook.dev);
254 }
255
252 sock_hold(sk); 256 sock_hold(sk);
253 po->running = 1; 257 po->running = 1;
254 } 258 }
@@ -266,10 +270,13 @@ static void __unregister_prot_hook(struct sock *sk, bool sync)
266 struct packet_sock *po = pkt_sk(sk); 270 struct packet_sock *po = pkt_sk(sk);
267 271
268 po->running = 0; 272 po->running = 0;
269 if (po->fanout) 273 if (po->fanout) {
270 __fanout_unlink(sk, po); 274 __fanout_unlink(sk, po);
271 else 275 } else {
272 __dev_remove_pack(&po->prot_hook); 276 __dev_remove_pack(&po->prot_hook);
277 RCU_INIT_POINTER(po->cached_dev, NULL);
278 }
279
273 __sock_put(sk); 280 __sock_put(sk);
274 281
275 if (sync) { 282 if (sync) {
@@ -2052,12 +2059,24 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
2052 return tp_len; 2059 return tp_len;
2053} 2060}
2054 2061
2062static struct net_device *packet_cached_dev_get(struct packet_sock *po)
2063{
2064 struct net_device *dev;
2065
2066 rcu_read_lock();
2067 dev = rcu_dereference(po->cached_dev);
2068 if (dev)
2069 dev_hold(dev);
2070 rcu_read_unlock();
2071
2072 return dev;
2073}
2074
2055static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) 2075static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2056{ 2076{
2057 struct sk_buff *skb; 2077 struct sk_buff *skb;
2058 struct net_device *dev; 2078 struct net_device *dev;
2059 __be16 proto; 2079 __be16 proto;
2060 bool need_rls_dev = false;
2061 int err, reserve = 0; 2080 int err, reserve = 0;
2062 void *ph; 2081 void *ph;
2063 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name; 2082 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name;
@@ -2070,7 +2089,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2070 mutex_lock(&po->pg_vec_lock); 2089 mutex_lock(&po->pg_vec_lock);
2071 2090
2072 if (saddr == NULL) { 2091 if (saddr == NULL) {
2073 dev = po->prot_hook.dev; 2092 dev = packet_cached_dev_get(po);
2074 proto = po->num; 2093 proto = po->num;
2075 addr = NULL; 2094 addr = NULL;
2076 } else { 2095 } else {
@@ -2084,19 +2103,17 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2084 proto = saddr->sll_protocol; 2103 proto = saddr->sll_protocol;
2085 addr = saddr->sll_addr; 2104 addr = saddr->sll_addr;
2086 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); 2105 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
2087 need_rls_dev = true;
2088 } 2106 }
2089 2107
2090 err = -ENXIO; 2108 err = -ENXIO;
2091 if (unlikely(dev == NULL)) 2109 if (unlikely(dev == NULL))
2092 goto out; 2110 goto out;
2093
2094 reserve = dev->hard_header_len;
2095
2096 err = -ENETDOWN; 2111 err = -ENETDOWN;
2097 if (unlikely(!(dev->flags & IFF_UP))) 2112 if (unlikely(!(dev->flags & IFF_UP)))
2098 goto out_put; 2113 goto out_put;
2099 2114
2115 reserve = dev->hard_header_len;
2116
2100 size_max = po->tx_ring.frame_size 2117 size_max = po->tx_ring.frame_size
2101 - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); 2118 - (po->tp_hdrlen - sizeof(struct sockaddr_ll));
2102 2119
@@ -2173,8 +2190,7 @@ out_status:
2173 __packet_set_status(po, ph, status); 2190 __packet_set_status(po, ph, status);
2174 kfree_skb(skb); 2191 kfree_skb(skb);
2175out_put: 2192out_put:
2176 if (need_rls_dev) 2193 dev_put(dev);
2177 dev_put(dev);
2178out: 2194out:
2179 mutex_unlock(&po->pg_vec_lock); 2195 mutex_unlock(&po->pg_vec_lock);
2180 return err; 2196 return err;
@@ -2212,7 +2228,6 @@ static int packet_snd(struct socket *sock,
2212 struct sk_buff *skb; 2228 struct sk_buff *skb;
2213 struct net_device *dev; 2229 struct net_device *dev;
2214 __be16 proto; 2230 __be16 proto;
2215 bool need_rls_dev = false;
2216 unsigned char *addr; 2231 unsigned char *addr;
2217 int err, reserve = 0; 2232 int err, reserve = 0;
2218 struct virtio_net_hdr vnet_hdr = { 0 }; 2233 struct virtio_net_hdr vnet_hdr = { 0 };
@@ -2228,7 +2243,7 @@ static int packet_snd(struct socket *sock,
2228 */ 2243 */
2229 2244
2230 if (saddr == NULL) { 2245 if (saddr == NULL) {
2231 dev = po->prot_hook.dev; 2246 dev = packet_cached_dev_get(po);
2232 proto = po->num; 2247 proto = po->num;
2233 addr = NULL; 2248 addr = NULL;
2234 } else { 2249 } else {
@@ -2240,19 +2255,17 @@ static int packet_snd(struct socket *sock,
2240 proto = saddr->sll_protocol; 2255 proto = saddr->sll_protocol;
2241 addr = saddr->sll_addr; 2256 addr = saddr->sll_addr;
2242 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); 2257 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
2243 need_rls_dev = true;
2244 } 2258 }
2245 2259
2246 err = -ENXIO; 2260 err = -ENXIO;
2247 if (dev == NULL) 2261 if (unlikely(dev == NULL))
2248 goto out_unlock; 2262 goto out_unlock;
2249 if (sock->type == SOCK_RAW)
2250 reserve = dev->hard_header_len;
2251
2252 err = -ENETDOWN; 2263 err = -ENETDOWN;
2253 if (!(dev->flags & IFF_UP)) 2264 if (unlikely(!(dev->flags & IFF_UP)))
2254 goto out_unlock; 2265 goto out_unlock;
2255 2266
2267 if (sock->type == SOCK_RAW)
2268 reserve = dev->hard_header_len;
2256 if (po->has_vnet_hdr) { 2269 if (po->has_vnet_hdr) {
2257 vnet_hdr_len = sizeof(vnet_hdr); 2270 vnet_hdr_len = sizeof(vnet_hdr);
2258 2271
@@ -2386,15 +2399,14 @@ static int packet_snd(struct socket *sock,
2386 if (err > 0 && (err = net_xmit_errno(err)) != 0) 2399 if (err > 0 && (err = net_xmit_errno(err)) != 0)
2387 goto out_unlock; 2400 goto out_unlock;
2388 2401
2389 if (need_rls_dev) 2402 dev_put(dev);
2390 dev_put(dev);
2391 2403
2392 return len; 2404 return len;
2393 2405
2394out_free: 2406out_free:
2395 kfree_skb(skb); 2407 kfree_skb(skb);
2396out_unlock: 2408out_unlock:
2397 if (dev && need_rls_dev) 2409 if (dev)
2398 dev_put(dev); 2410 dev_put(dev);
2399out: 2411out:
2400 return err; 2412 return err;
@@ -2614,6 +2626,7 @@ static int packet_create(struct net *net, struct socket *sock, int protocol,
2614 po = pkt_sk(sk); 2626 po = pkt_sk(sk);
2615 sk->sk_family = PF_PACKET; 2627 sk->sk_family = PF_PACKET;
2616 po->num = proto; 2628 po->num = proto;
2629 RCU_INIT_POINTER(po->cached_dev, NULL);
2617 2630
2618 sk->sk_destruct = packet_sock_destruct; 2631 sk->sk_destruct = packet_sock_destruct;
2619 sk_refcnt_debug_inc(sk); 2632 sk_refcnt_debug_inc(sk);
@@ -2660,7 +2673,6 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2660 struct sock *sk = sock->sk; 2673 struct sock *sk = sock->sk;
2661 struct sk_buff *skb; 2674 struct sk_buff *skb;
2662 int copied, err; 2675 int copied, err;
2663 struct sockaddr_ll *sll;
2664 int vnet_hdr_len = 0; 2676 int vnet_hdr_len = 0;
2665 2677
2666 err = -EINVAL; 2678 err = -EINVAL;
@@ -2744,22 +2756,10 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2744 goto out_free; 2756 goto out_free;
2745 } 2757 }
2746 2758
2747 /* 2759 /* You lose any data beyond the buffer you gave. If it worries
2748 * If the address length field is there to be filled in, we fill 2760 * a user program they can ask the device for its MTU
2749 * it in now. 2761 * anyway.
2750 */ 2762 */
2751
2752 sll = &PACKET_SKB_CB(skb)->sa.ll;
2753 if (sock->type == SOCK_PACKET)
2754 msg->msg_namelen = sizeof(struct sockaddr_pkt);
2755 else
2756 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
2757
2758 /*
2759 * You lose any data beyond the buffer you gave. If it worries a
2760 * user program they can ask the device for its MTU anyway.
2761 */
2762
2763 copied = skb->len; 2763 copied = skb->len;
2764 if (copied > len) { 2764 if (copied > len) {
2765 copied = len; 2765 copied = len;
@@ -2772,9 +2772,20 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2772 2772
2773 sock_recv_ts_and_drops(msg, sk, skb); 2773 sock_recv_ts_and_drops(msg, sk, skb);
2774 2774
2775 if (msg->msg_name) 2775 if (msg->msg_name) {
2776 /* If the address length field is there to be filled
2777 * in, we fill it in now.
2778 */
2779 if (sock->type == SOCK_PACKET) {
2780 msg->msg_namelen = sizeof(struct sockaddr_pkt);
2781 } else {
2782 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
2783 msg->msg_namelen = sll->sll_halen +
2784 offsetof(struct sockaddr_ll, sll_addr);
2785 }
2776 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, 2786 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
2777 msg->msg_namelen); 2787 msg->msg_namelen);
2788 }
2778 2789
2779 if (pkt_sk(sk)->auxdata) { 2790 if (pkt_sk(sk)->auxdata) {
2780 struct tpacket_auxdata aux; 2791 struct tpacket_auxdata aux;
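Review bot: register_prot_hook() publishes `po->cached_dev` only in the non-fanout branch, so for a socket with `po->fanout` set the pointer keeps the NULL from packet_create(). As far as these hunks show, the `saddr == NULL` paths in tpacket_snd() and packet_snd() then get NULL from packet_cached_dev_get() and fail with -ENXIO, where they used to read `po->prot_hook.dev`. Unless fanout sockets are meant to lose send-without-address, the assignment should not depend on the branch: move `rcu_assign_pointer(po->cached_dev, po->prot_hook.dev);` after the if/else in register_prot_hook() and `RCU_INIT_POINTER(po->cached_dev, NULL);` after the if/else in __unregister_prot_hook(). packet_cached_dev_get() also deserves a short comment stating that it returns a held reference (or NULL) which the caller must release with `dev_put()`, since the send paths no longer track that with `need_rls_dev`.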
diff --git a/net/packet/internal.h b/net/packet/internal.h
index c4e4b4561207..1035fa2d909c 100644
--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -113,6 +113,7 @@ struct packet_sock {
113 unsigned int tp_loss:1; 113 unsigned int tp_loss:1;
114 unsigned int tp_tx_has_off:1; 114 unsigned int tp_tx_has_off:1;
115 unsigned int tp_tstamp; 115 unsigned int tp_tstamp;
116 struct net_device __rcu *cached_dev;
116 struct packet_type prot_hook ____cacheline_aligned_in_smp; 117 struct packet_type prot_hook ____cacheline_aligned_in_smp;
117}; 118};
118 119
diff --git a/net/rds/recv.c b/net/rds/recv.c
index 9f0f17cf6bf9..de339b24ca14 100644
--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -410,8 +410,6 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
410 410
411 rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo); 411 rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
412 412
413 msg->msg_namelen = 0;
414
415 if (msg_flags & MSG_OOB) 413 if (msg_flags & MSG_OOB)
416 goto out; 414 goto out;
417 415
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index e98fcfbe6007..33af77246bfe 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1216,7 +1216,6 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
1216{ 1216{
1217 struct sock *sk = sock->sk; 1217 struct sock *sk = sock->sk;
1218 struct rose_sock *rose = rose_sk(sk); 1218 struct rose_sock *rose = rose_sk(sk);
1219 struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name;
1220 size_t copied; 1219 size_t copied;
1221 unsigned char *asmptr; 1220 unsigned char *asmptr;
1222 struct sk_buff *skb; 1221 struct sk_buff *skb;
@@ -1252,8 +1251,11 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
1252 1251
1253 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1252 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1254 1253
1255 if (srose != NULL) { 1254 if (msg->msg_name) {
1256 memset(srose, 0, msg->msg_namelen); 1255 struct sockaddr_rose *srose;
1256
1257 memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose));
1258 srose = msg->msg_name;
1257 srose->srose_family = AF_ROSE; 1259 srose->srose_family = AF_ROSE;
1258 srose->srose_addr = rose->dest_addr; 1260 srose->srose_addr = rose->dest_addr;
1259 srose->srose_call = rose->dest_call; 1261 srose->srose_call = rose->dest_call;
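Review bot: rose_recvmsg() now clears `sizeof(struct full_sockaddr_rose)` bytes at `msg->msg_name` without consulting any length, so it depends entirely on every caller passing a buffer of at least that size; the same holds for the `memcpy()` of `sizeof(call->conn->trans->peer->srx)` in rxrpc_recvmsg() in the next file. The socket.c part of this commit states that assumption only in a comment. A compile-time check next to each fixed-size write makes it enforceable, for example `BUILD_BUG_ON(sizeof(struct full_sockaddr_rose) > sizeof(struct sockaddr_storage));` here and the equivalent for the rxrpc address type.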
diff --git a/net/rxrpc/ar-recvmsg.c b/net/rxrpc/ar-recvmsg.c
index 4b48687c3890..898492a8d61b 100644
--- a/net/rxrpc/ar-recvmsg.c
+++ b/net/rxrpc/ar-recvmsg.c
@@ -143,10 +143,13 @@ int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock,
143 143
144 /* copy the peer address and timestamp */ 144 /* copy the peer address and timestamp */
145 if (!continue_call) { 145 if (!continue_call) {
146 if (msg->msg_name && msg->msg_namelen > 0) 146 if (msg->msg_name) {
147 size_t len =
148 sizeof(call->conn->trans->peer->srx);
147 memcpy(msg->msg_name, 149 memcpy(msg->msg_name,
148 &call->conn->trans->peer->srx, 150 &call->conn->trans->peer->srx, len);
149 sizeof(call->conn->trans->peer->srx)); 151 msg->msg_namelen = len;
152 }
150 sock_recv_ts_and_drops(msg, &rx->sk, skb); 153 sock_recv_ts_and_drops(msg, &rx->sk, skb);
151 } 154 }
152 155
diff --git a/net/socket.c b/net/socket.c
index c226aceee65b..0b18693f2be6 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -221,12 +221,13 @@ static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
221 int err; 221 int err;
222 int len; 222 int len;
223 223
224 BUG_ON(klen > sizeof(struct sockaddr_storage));
224 err = get_user(len, ulen); 225 err = get_user(len, ulen);
225 if (err) 226 if (err)
226 return err; 227 return err;
227 if (len > klen) 228 if (len > klen)
228 len = klen; 229 len = klen;
229 if (len < 0 || len > sizeof(struct sockaddr_storage)) 230 if (len < 0)
230 return -EINVAL; 231 return -EINVAL;
231 if (len) { 232 if (len) {
232 if (audit_sockaddr(klen, kaddr)) 233 if (audit_sockaddr(klen, kaddr))
@@ -1840,8 +1841,10 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1840 msg.msg_iov = &iov; 1841 msg.msg_iov = &iov;
1841 iov.iov_len = size; 1842 iov.iov_len = size;
1842 iov.iov_base = ubuf; 1843 iov.iov_base = ubuf;
1843 msg.msg_name = (struct sockaddr *)&address; 1844 /* Save some cycles and don't copy the address if not needed */
1844 msg.msg_namelen = sizeof(address); 1845 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
1846 /* We assume all kernel code knows the size of sockaddr_storage */
1847 msg.msg_namelen = 0;
1845 if (sock->file->f_flags & O_NONBLOCK) 1848 if (sock->file->f_flags & O_NONBLOCK)
1846 flags |= MSG_DONTWAIT; 1849 flags |= MSG_DONTWAIT;
1847 err = sock_recvmsg(sock, &msg, size, flags); 1850 err = sock_recvmsg(sock, &msg, size, flags);
@@ -2221,16 +2224,14 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2221 goto out; 2224 goto out;
2222 } 2225 }
2223 2226
2224 /* 2227 /* Save the user-mode address (verify_iovec will change the
2225 * Save the user-mode address (verify_iovec will change the 2228 * kernel msghdr to use the kernel address space)
2226 * kernel msghdr to use the kernel address space)
2227 */ 2229 */
2228
2229 uaddr = (__force void __user *)msg_sys->msg_name; 2230 uaddr = (__force void __user *)msg_sys->msg_name;
2230 uaddr_len = COMPAT_NAMELEN(msg); 2231 uaddr_len = COMPAT_NAMELEN(msg);
2231 if (MSG_CMSG_COMPAT & flags) { 2232 if (MSG_CMSG_COMPAT & flags)
2232 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 2233 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2233 } else 2234 else
2234 err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 2235 err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2235 if (err < 0) 2236 if (err < 0)
2236 goto out_freeiov; 2237 goto out_freeiov;
@@ -2239,6 +2240,9 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2239 cmsg_ptr = (unsigned long)msg_sys->msg_control; 2240 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2240 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); 2241 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2241 2242
2243 /* We assume all kernel code knows the size of sockaddr_storage */
2244 msg_sys->msg_namelen = 0;
2245
2242 if (sock->file->f_flags & O_NONBLOCK) 2246 if (sock->file->f_flags & O_NONBLOCK)
2243 flags |= MSG_DONTWAIT; 2247 flags |= MSG_DONTWAIT;
2244 err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, 2248 err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
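Review bot: The comment added in recvfrom and ___sys_recvmsg(), `We assume all kernel code knows the size of sockaddr_storage`, does not say what a recvmsg handler is now required to do, and that contract is what keeps uninitialised kernel memory from reaching move_addr_to_user(). I would replace it in both places with something like `/* msg_namelen starts at 0: a handler sets it only after filling msg_name, which may be NULL and otherwise points at a sockaddr_storage */`. In move_addr_to_user() the new `BUG_ON(klen > sizeof(struct sockaddr_storage))` compares an int with a size_t, so a negative `klen` also trips it; a short comment noting that this is intended would save the next reader the arithmetic.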
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 3906527259d1..3b61851bb927 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -980,9 +980,6 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
980 goto exit; 980 goto exit;
981 } 981 }
982 982
983 /* will be updated in set_orig_addr() if needed */
984 m->msg_namelen = 0;
985
986 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 983 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
987restart: 984restart:
988 985
@@ -1091,9 +1088,6 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
1091 goto exit; 1088 goto exit;
1092 } 1089 }
1093 1090
1094 /* will be updated in set_orig_addr() if needed */
1095 m->msg_namelen = 0;
1096
1097 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); 1091 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
1098 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 1092 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
1099 1093
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c1f403bed683..01625ccc3ae6 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1754,7 +1754,6 @@ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1754{ 1754{
1755 struct unix_sock *u = unix_sk(sk); 1755 struct unix_sock *u = unix_sk(sk);
1756 1756
1757 msg->msg_namelen = 0;
1758 if (u->addr) { 1757 if (u->addr) {
1759 msg->msg_namelen = u->addr->len; 1758 msg->msg_namelen = u->addr->len;
1760 memcpy(msg->msg_name, u->addr->name, u->addr->len); 1759 memcpy(msg->msg_name, u->addr->name, u->addr->len);
@@ -1778,8 +1777,6 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1778 if (flags&MSG_OOB) 1777 if (flags&MSG_OOB)
1779 goto out; 1778 goto out;
1780 1779
1781 msg->msg_namelen = 0;
1782
1783 err = mutex_lock_interruptible(&u->readlock); 1780 err = mutex_lock_interruptible(&u->readlock);
1784 if (err) { 1781 if (err) {
1785 err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); 1782 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
@@ -1924,8 +1921,6 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1924 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); 1921 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1925 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); 1922 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1926 1923
1927 msg->msg_namelen = 0;
1928
1929 /* Lock the socket to prevent queue disordering 1924 /* Lock the socket to prevent queue disordering
1930 * while sleeps in memcpy_tomsg 1925 * while sleeps in memcpy_tomsg
1931 */ 1926 */
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 545c08b8a1d4..5adfd94c5b85 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1662,8 +1662,6 @@ vsock_stream_recvmsg(struct kiocb *kiocb,
1662 vsk = vsock_sk(sk); 1662 vsk = vsock_sk(sk);
1663 err = 0; 1663 err = 0;
1664 1664
1665 msg->msg_namelen = 0;
1666
1667 lock_sock(sk); 1665 lock_sock(sk);
1668 1666
1669 if (sk->sk_state != SS_CONNECTED) { 1667 if (sk->sk_state != SS_CONNECTED) {
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 9d6986634e0b..687360da62d9 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1746,8 +1746,6 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb,
1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE) 1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE)
1747 return -EOPNOTSUPP; 1747 return -EOPNOTSUPP;
1748 1748
1749 msg->msg_namelen = 0;
1750
1751 /* Retrieve the head sk_buff from the socket's receive queue. */ 1749 /* Retrieve the head sk_buff from the socket's receive queue. */
1752 err = 0; 1750 err = 0;
1753 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); 1751 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err);
diff --git a/net/wimax/stack.c b/net/wimax/stack.c
index ef2191b969a7..ec8b577db135 100644
--- a/net/wimax/stack.c
+++ b/net/wimax/stack.c
@@ -610,7 +610,6 @@ int __init wimax_subsys_init(void)
610 d_fnend(4, NULL, "() = 0\n"); 610 d_fnend(4, NULL, "() = 0\n");
611 return 0; 611 return 0;
612 612
613 genl_unregister_family(&wimax_gnl_family);
614error_register_family: 613error_register_family:
615 d_fnend(4, NULL, "() = %d\n", result); 614 d_fnend(4, NULL, "() = %d\n", result);
616 return result; 615 return result;
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 45a3ab5612c1..7622789d3750 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1340,10 +1340,9 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
1340 if (sx25) { 1340 if (sx25) {
1341 sx25->sx25_family = AF_X25; 1341 sx25->sx25_family = AF_X25;
1342 sx25->sx25_addr = x25->dest_addr; 1342 sx25->sx25_addr = x25->dest_addr;
1343 msg->msg_namelen = sizeof(*sx25);
1343 } 1344 }
1344 1345
1345 msg->msg_namelen = sizeof(struct sockaddr_x25);
1346
1347 x25_check_rbuf(sk); 1346 x25_check_rbuf(sk);
1348 rc = copied; 1347 rc = copied;
1349out_free_dgram: 1348out_free_dgram: